SURICATA

More documents

Recommendations

Info

MIXED MODE : NINJA USAGE We should add a rule to block the incoming traffic from this IP : – nft add rule filter input ip saddr 145.254.160.237 queue 0 But this solution is not very performing, because if we want to block another IP we need to add another identical rule => rules duplication
MIXED MODE : NINJA A better solution is to build a set containing all suspiscious IPs and block all incoming traffic from them : - nft add set filter suspisciousips { type ipv4_addr\;} - nft add element filter suspisciousip { 145.254.160.237 } - nft add rule ip input ip saddr @suspiscious queue 0
Page 1 and 2: SURICATA Mixing IPS/IDS Mode Novemb
Page 3 and 4: Agenda 1. Introduction 2. IPS 3. Nf
Page 5 and 6: IPS MODE How the IPS mode works in
Page 7 and 8: IPS MODE On the administrative side
Page 9 and 10: IPS MODE In IPS mode, we have two a
Page 11 and 12: IPS MODE Working in IPS mode, the b
Page 13 and 14: IPS MODE Enabling stream.inline per
Page 15 and 16: NETFILTER When a packet enters the
Page 17 and 18: NETFILTER : FILTER FILTER table : I
Page 19 and 20: NETFILTER : NAT NAT table : It's us
Page 21 and 22: NETFILTER : MANGLE MANGLE table : T
Page 23 and 24: NETFILTER : RAW RAW table : This ta
Page 25 and 26: NETFILTER : RETURN TARGET RETURN ta
Page 27 and 28: NFQUEUE - It is used in Suricata to
Page 29 and 30: NFQUEUE The following picture expla
Page 31 and 32: NFQUEUE NFQUEUE number of packets p
Page 33 and 34: NFLOG - It's used to log packet by
Page 35 and 36: MIXED MODE : INTRO We are ready to
Page 37 and 38: MIXED MODE : USAGE ● ● The usag
Page 39 and 40: MIXED MODE : USAGE 2. We may want t
Page 41: MIXED MODE : NINJA USAGE We could a
Page 45 and 46: MIXED MODE : NINJA USAGR if we are
Page 47 and 48: RUNNING MODE A running mode specifi
Page 49 and 50: MIXED MODE : STEP 1 - The runmodes
Page 51 and 52: MIXED MODE : STEP 2 - It's forbidde
Page 53 and 54: MIXED MODE : STEP 3 Since we have m
Page 55 and 56: MIXED MODE : STEP 3 NFLOG is trying
Page 57 and 58: MIXED MODE : STEP 4 4. Figure out h
Page 59 and 60: MIXED MODE : STEP 4 And the mode is
Page 61 and 62: MIXED MODE : STEP 4 As you can see
Page 63 and 64: DEMONSTRATION Once Suricata detects
Page 65 and 66: DEMONSTRATION Solution : Deny On Mo
Page 67 and 68: DEMONSTRATION Summary : - Suricata
Page 69 and 70: DEMONSTRATION Then we add our rules
Page 71 and 72: DEMONSTRATION We are ready to start
Page 73 and 74: CONTACT - Mail : glongo@stamus-netw

SURICATA

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?